216.73.216.133

CVE-2026-23761

· Published 22/01/2026 17:16 · Modified 22/01/2026 17:16

Labels: CVE-2026-23761 2026-01-22CVE-2026-23761CWE-824[email protected]

Essential information

Published
22/01/2026 17:16
Modified
22/01/2026 17:16
Author
Creator
CVSS
6.9 MEDIUM (v3) 6.9 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys). When a handle is opened with a special file attribute value, the drivers improperly initialize FILE_OBJECT->FsContext to a non-pointer magic value. If subsequent operations are not handled by the VB-Audio driver and are forwarded down the audio driver stack (e.g., via PortCls to ks.sys), the invalid FsContext value can be dereferenced, causing a kernel crash (BSoD), typically SYSTEM_SERVICE_EXCEPTION with STATUS_ACCESS_VIOLATION. This flaw allows a local unprivileged user to trigger a denial-of-service on affected Windows systems.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
vb-audio / voicemeeter cpe:2.3:a:vb-audio:voicemeeter:*:1.1.1.9:*:*:*:*:*:*
vb-audio / voicemeeter banana cpe:2.3:a:vb-audio:voicemeeter_banana:*:2.1.1.9:*:*:*:*:*:*
vb-audio / voicemeeter potato cpe:2.3:a:vb-audio:voicemeeter_potato:*:3.1.1.9:*:*:*:*:*:*
vb-audio / matrix cpe:2.3:a:vb-audio:matrix:*:1.0.2.2:*:*:*:*:*:*
vb-audio / matrix coconut cpe:2.3:a:vb-audio:matrix_coconut:*:2.0.2.2:*:*:*:*:*:*

References